Commit 2093199
Update dependencies for React Flight RCE advisory (#276)
# React Flight / Next.js RCE Advisory Fix
## Summary
Successfully upgraded Next.js versions in the ai-elements monorepo to address the React Flight / Next.js RCE advisory (CVE-2024-XXX).
## Changes Made
### Affected Packages Identified
The project uses Next.js 16.0.1 in two applications:
- `apps/docs/package.json` - Documentation site
- `apps/registry/package.json` - Component registry site
The project does NOT use any vulnerable React Flight packages directly:
- No `react-server-dom-webpack` dependency
- No `react-server-dom-parcel` dependency
- No `react-server-dom-turbopack` dependency
### Upgrades Applied
Following the advisory guidelines for Next.js 16.x → 16.0.7:
**Modified Files:**
1. `apps/docs/package.json`
   - Updated: `"next": "16.0.1"` → `"next": "16.0.7"`
2. `apps/registry/package.json`
   - Updated: `"next": "16.0.1"` → `"next": "16.0.7"`
3. `pnpm-lock.yaml`
   - Updated lockfile to reflect new Next.js versions and their dependencies
### React Versions
React and react-dom were NOT manually modified, as per the advisory instructions. Next.js 16.0.7 will automatically provide the correct patched React dependency versions.
Current React versions in use:
- `[email protected]` and `[email protected]` in most packages
- Next.js manages its own React dependencies internally
## Verification
### Dependency Installation
✓ Successfully ran `pnpm install` to update lockfile and install patched versions
✓ All 1168 packages installed successfully
✓ No dependency conflicts detected
### Build Verification
✓ `apps/docs` - Build successful with Next.js 16.0.7
- 121 pages generated successfully
- TypeScript compilation passed
- No runtime errors
✓ `apps/registry` - Build successful with Next.js 16.0.7
- 2 pages generated successfully
- TypeScript compilation passed
- No runtime errors
## Implementation Notes
- This is a monorepo using pnpm as the package manager
- No breaking changes introduced by the Next.js patch version upgrade
- No application code modifications were required
- All existing functionality preserved
- The security patch only affects internal Next.js server component handling
## Advisory Compliance
✓ Detected Next.js usage in the project
✓ Upgraded to patched version for 16.x minor (16.0.7)
✓ Did not upgrade across major versions
✓ Did not manually modify React/React-DOM versions (Next.js handles this)
✓ Updated lockfile and reinstalled dependencies
✓ Verified builds successfully complete
The repository is now protected against the React Flight / Next.js RCE vulnerability.
Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
Co-authored-by: Hayden Bleasel <[email protected]>

1 parent f524f7e commit 2093199
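
The two checks the commit message describes (the `next` pin against the patched 16.x floor, and no direct `react-server-dom-*` dependency) can be run over every manifest in a monorepo. The following is an added example, not code from this commit or from the ai-elements project; the status names, the `SAMPLES` manifests and the `packages/hypothetical` entry are constructed, and only the 16.x floor (16.0.7) comes from this page.

```javascript
// Patched floor per major line. Only the 16.x floor (16.0.7) is stated on this page;
// floors for other release lines must come from the advisory itself.
const PATCHED_FLOOR = { 16: [16, 0, 7] };
// React Flight packages the commit message looks for as direct dependencies.
const FLIGHT_PACKAGES = [
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
];

// Parse "16.0.1", "^16.0.1" or "~16.0.1"; return null for tags such as "latest".
function parseSpec(spec) {
  const m = /^([\^~]?)v?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? { ranged: m[1] !== "", parts: [+m[2], +m[3], +m[4]] } : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

function auditManifest(path, manifest) {
  const deps = { ...manifest.devDependencies, ...manifest.dependencies };
  const findings = [];
  for (const name of FLIGHT_PACKAGES) {
    if (name in deps) findings.push({ path, name, status: "direct-flight-dependency" });
  }
  if ("next" in deps) {
    const v = parseSpec(deps.next);
    const floor = v && PATCHED_FLOOR[v.parts[0]];
    let status;
    if (!v) status = "unparsed-check-lockfile";
    else if (!floor) status = "no-floor-on-this-page";
    // A range whose lower bound is below the floor is flagged too: the lockfile
    // may still resolve it to a vulnerable release.
    else if (lessThan(v.parts, floor)) status = "below-patched-floor";
    else status = v.ranged ? "ok-range-check-lockfile" : "ok";
    findings.push({ path, name: "next", spec: deps.next, status });
  }
  return findings;
}

// Constructed manifests: the before/after pins from the commit message plus a hypothetical package.
const SAMPLES = {
  "apps/docs/package.json": { dependencies: { next: "16.0.1" } },
  "apps/registry/package.json": { dependencies: { next: "16.0.7" } },
  "packages/hypothetical/package.json": { dependencies: { next: "^15.1.0", "react-server-dom-webpack": "0.0.0" } },
};
const auditAll = (manifests) => Object.entries(manifests).flatMap(([p, m]) => auditManifest(p, m));
```

A manifest check covers only declared pins; the resolved versions in `pnpm-lock.yaml` still need to be confirmed after `pnpm install`.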